diff --git a/htdocs/core/lib/security.lib.php b/htdocs/core/lib/security.lib.php index de4d67b1647..06baefed88e 100644 --- a/htdocs/core/lib/security.lib.php +++ b/htdocs/core/lib/security.lib.php @@ -173,10 +173,13 @@ function dol_verifyHash($chain, $hash, $type = '0') * This method check permission on module then call checkUserAccessToObject() for permission on object (according to entity and socid of user). * * @param User $user User to check - * @param string $features Features to check (it must be module $object->element. Examples: 'societe', 'contact', 'produit&service', 'produit|service', ...) + * @param string $features Features to check (it must be module $object->element. Can be a 'or' check with 'levela|levelb'. + * Examples: 'societe', 'contact', 'produit&service', 'produit|service', ...) + * This is used to check permission $user->rights->features->... * @param int $objectid Object ID if we want to check a particular record (optional) is linked to a owned thirdparty (optional). * @param string $tableandshare 'TableName&SharedElement' with Tablename is table where object is stored. SharedElement is an optional key to define where to check entity for multicompany module. Param not used if objectid is null (optional). * @param string $feature2 Feature to check, second level of permission (optional). Can be a 'or' check with 'sublevela|sublevelb'. + * This is used to check permission $user->rights->features->feature2... * @param string $dbt_keyfield Field name for socid foreign key if not fk_soc. Not used if objectid is null (optional) * @param string $dbt_select Field name for select if not rowid. Not used if objectid is null (optional) * @param int $isdraft 1=The object with id=$objectid is a draft diff --git a/htdocs/margin/tabs/productMargins.php b/htdocs/margin/tabs/productMargins.php index 4c34e04c54c..6f2337d1baf 100644 --- a/htdocs/margin/tabs/productMargins.php +++ b/htdocs/margin/tabs/productMargins.php @@ -39,10 +39,6 @@ $fieldtype = (!empty($ref) ? 'ref' : 'rowid'); if (!empty($user->socid)) { $socid = $user->socid; } -$result = restrictedArea($user, 'produit|service', $fieldvalue, 'product&product', '', '', $fieldtype); -if (empty($user->rights->margins->liretous)) { - accessforbidden(); -} $object = new Product($db); @@ -63,6 +59,12 @@ if (!$sortfield) { $sortfield = "f.datef"; } +$result = restrictedArea($user, 'produit|service', $fieldvalue, 'product&product', '', '', $fieldtype); + +if (empty($user->rights->margins->liretous)) { + accessforbidden(); +} + /* * View diff --git a/htdocs/margin/tabs/thirdpartyMargins.php b/htdocs/margin/tabs/thirdpartyMargins.php index b1c569c0912..505ff9f9f31 100644 --- a/htdocs/margin/tabs/thirdpartyMargins.php +++ b/htdocs/margin/tabs/thirdpartyMargins.php @@ -33,8 +33,6 @@ $socid = GETPOST('socid', 'int'); if (!empty($user->socid)) { $socid = $user->socid; } -$result = restrictedArea($user, 'societe', '', ''); - $limit = GETPOST('limit', 'int') ? GETPOST('limit', 'int') : $conf->liste_limit; $sortfield = GETPOST("sortfield", 'alpha'); @@ -61,6 +59,12 @@ if ($socid > 0) { // Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context $hookmanager->initHooks(array('thirdpartymargins', 'globalcard')); +$result = restrictedArea($user, 'societe', $object->id, ''); + +if (empty($user->rights->margins->liretous)) { + accessforbidden(); +} + /* * Actions diff --git a/htdocs/product/agenda.php b/htdocs/product/agenda.php index ea32e47c8a5..815014e259f 100644 --- a/htdocs/product/agenda.php +++ b/htdocs/product/agenda.php @@ -73,7 +73,21 @@ if (!$sortorder) { // Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context $hookmanager->initHooks(array('agendathirdparty')); -$result = restrictedArea($user, 'produit|service', $id, 'product&product'); +$object = new Product($db); +if ($id > 0 || !empty($ref)) { + $object->fetch($id, $ref); +} + +if ($object->id > 0) { + if ($object->type == $object::TYPE_PRODUCT) { + restrictedArea($user, 'produit', $object->id, 'product&product', '', ''); + } + if ($object->type == $object::TYPE_SERVICE) { + restrictedArea($user, 'service', $object->id, 'product&product', '', ''); + } +} else { + restrictedArea($user, 'produit|service', 0, 'product&product', '', ''); +} /* diff --git a/htdocs/product/card.php b/htdocs/product/card.php index c92f847a1e9..61568a5510a 100644 --- a/htdocs/product/card.php +++ b/htdocs/product/card.php @@ -152,7 +152,17 @@ if (!empty($canvas)) { // Security check $fieldvalue = (!empty($id) ? $id : (!empty($ref) ? $ref : '')); $fieldtype = (!empty($id) ? 'rowid' : 'ref'); -$result = restrictedArea($user, 'produit|service', $fieldvalue, 'product&product', '', '', $fieldtype); + +if ($object->id > 0) { + if ($object->type == $object::TYPE_PRODUCT) { + restrictedArea($user, 'produit', $object->id, 'product&product', '', ''); + } + if ($object->type == $object::TYPE_SERVICE) { + restrictedArea($user, 'service', $object->id, 'product&product', '', ''); + } +} else { + restrictedArea($user, 'produit|service', $fieldvalue, 'product&product', '', '', $fieldtype); +} // Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context $hookmanager->initHooks(array('productcard', 'globalcard')); diff --git a/htdocs/product/composition/card.php b/htdocs/product/composition/card.php index 442232686d3..c9499bf415b 100644 --- a/htdocs/product/composition/card.php +++ b/htdocs/product/composition/card.php @@ -50,7 +50,6 @@ if (!empty($user->socid)) { } $fieldvalue = (!empty($id) ? $id : (!empty($ref) ? $ref : '')); $fieldtype = (!empty($ref) ? 'ref' : 'rowid'); -$result = restrictedArea($user, 'produit|service', $fieldvalue, 'product&product', '', '', $fieldtype); $object = new Product($db); $objectid = 0; @@ -60,6 +59,19 @@ if ($id > 0 || !empty($ref)) { $id = $object->id; } +$result = restrictedArea($user, 'produit|service', $fieldvalue, 'product&product', '', '', $fieldtype); + +if ($object->id > 0) { + if ($object->type == $object::TYPE_PRODUCT) { + restrictedArea($user, 'produit', $object->id, 'product&product', '', ''); + } + if ($object->type == $object::TYPE_SERVICE) { + restrictedArea($user, 'service', $object->id, 'product&product', '', ''); + } +} else { + restrictedArea($user, 'produit|service', $fieldvalue, 'product&product', '', '', $fieldtype); +} + /* * Actions diff --git a/htdocs/product/document.php b/htdocs/product/document.php index 372e3c19bdc..0b15ad7a85c 100644 --- a/htdocs/product/document.php +++ b/htdocs/product/document.php @@ -95,9 +95,19 @@ if ($id > 0 || !empty($ref)) { } $modulepart = 'produit'; + $permissiontoadd = (($object->type == Product::TYPE_PRODUCT && $user->rights->produit->creer) || ($object->type == Product::TYPE_SERVICE && $user->rights->service->creer)); -$result = restrictedArea($user, 'produit|service', $fieldvalue, 'product&product', '', '', $fieldtype); +if ($object->id > 0) { + if ($object->type == $object::TYPE_PRODUCT) { + restrictedArea($user, 'produit', $object->id, 'product&product', '', ''); + } + if ($object->type == $object::TYPE_SERVICE) { + restrictedArea($user, 'service', $object->id, 'product&product', '', ''); + } +} else { + restrictedArea($user, 'produit|service', $fieldvalue, 'product&product', '', '', $fieldtype); +} /* diff --git a/htdocs/product/fournisseurs.php b/htdocs/product/fournisseurs.php index 0d5ea9647f5..8b2a792b872 100644 --- a/htdocs/product/fournisseurs.php +++ b/htdocs/product/fournisseurs.php @@ -103,17 +103,16 @@ if ($id > 0 || $ref) { $object->fetch($id, $ref); } -$sortfield = GETPOST("sortfield", 'alpha'); -$sortorder = GETPOST("sortorder", 'alpha'); - -if (!$sortfield) { - $sortfield = "s.nom"; +if ($object->id > 0) { + if ($object->type == $object::TYPE_PRODUCT) { + restrictedArea($user, 'produit', $object->id, 'product&product', '', ''); + } + if ($object->type == $object::TYPE_SERVICE) { + restrictedArea($user, 'service', $object->id, 'product&product', '', ''); + } +} else { + restrictedArea($user, 'produit|service', $fieldvalue, 'product&product', '', '', $fieldtype); } -if (!$sortorder) { - $sortorder = "ASC"; -} - -$result = restrictedArea($user, 'produit|service', $fieldvalue, 'product&product', '', '', $fieldtype); /* diff --git a/htdocs/product/note.php b/htdocs/product/note.php index add915181a2..fad4df3500b 100644 --- a/htdocs/product/note.php +++ b/htdocs/product/note.php @@ -51,7 +51,16 @@ if ($id > 0 || !empty($ref)) { $permissionnote = $user->rights->produit->creer; // Used by the include of actions_setnotes.inc.php -$result = restrictedArea($user, 'produit|service', $fieldvalue, 'product&product', '', '', $fieldtype); +if ($object->id > 0) { + if ($object->type == $object::TYPE_PRODUCT) { + restrictedArea($user, 'produit', $object->id, 'product&product', '', ''); + } + if ($object->type == $object::TYPE_SERVICE) { + restrictedArea($user, 'service', $object->id, 'product&product', '', ''); + } +} else { + restrictedArea($user, 'produit|service', $fieldvalue, 'product&product', '', '', $fieldtype); +} /* diff --git a/htdocs/product/popuprop.php b/htdocs/product/popuprop.php index f23b6eae92d..5aa54b0963c 100644 --- a/htdocs/product/popuprop.php +++ b/htdocs/product/popuprop.php @@ -60,9 +60,7 @@ $offset = $limit * $page; $pageprev = $page - 1; $pagenext = $page + 1; -$staticproduct = new Product($db); - -$result = restrictedArea($user, 'produit|service', 0, 'product&product'); +restrictedArea($user, 'produit|service', 0, 'product&product', '', ''); /* diff --git a/htdocs/product/price.php b/htdocs/product/price.php index 9548643166a..295a999a778 100644 --- a/htdocs/product/price.php +++ b/htdocs/product/price.php @@ -82,7 +82,16 @@ if ((!empty($conf->global->PRODUIT_MULTIPRICES) || !empty($conf->global->PRODUIT // Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context $hookmanager->initHooks(array('productpricecard', 'globalcard')); -$result = restrictedArea($user, 'produit|service', $fieldvalue, 'product&product', '', '', $fieldtype); +if ($object->id > 0) { + if ($object->type == $object::TYPE_PRODUCT) { + restrictedArea($user, 'produit', $object->id, 'product&product', '', ''); + } + if ($object->type == $object::TYPE_SERVICE) { + restrictedArea($user, 'service', $object->id, 'product&product', '', ''); + } +} else { + restrictedArea($user, 'produit|service', $fieldvalue, 'product&product', '', '', $fieldtype); +} /* diff --git a/htdocs/product/stats/bom.php b/htdocs/product/stats/bom.php index 053d9d6b1a8..505bc8ed060 100644 --- a/htdocs/product/stats/bom.php +++ b/htdocs/product/stats/bom.php @@ -41,7 +41,6 @@ $fieldtype = (!empty($ref) ? 'ref' : 'rowid'); if ($user->socid) { $socid = $user->socid; } -$result = restrictedArea($user, 'produit|service', $fieldvalue, 'product&product', '', '', $fieldtype); // Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context $hookmanager->initHooks(array('productstatscontract')); @@ -67,6 +66,8 @@ if (!$sortfield) { $sortfield = "b.date_valid"; } +$result = restrictedArea($user, 'produit|service', $fieldvalue, 'product&product', '', '', $fieldtype); + /* * View diff --git a/htdocs/product/stats/card.php b/htdocs/product/stats/card.php index 2dae292884e..d791100ae4a 100644 --- a/htdocs/product/stats/card.php +++ b/htdocs/product/stats/card.php @@ -58,7 +58,6 @@ if (!empty($user->socid)) { // Security check $fieldvalue = (!empty($id) ? $id : $ref); $fieldtype = (!empty($ref) ? 'ref' : 'rowid'); -$result = restrictedArea($user, 'produit|service', $fieldvalue, 'product&product', '', '', $fieldtype); $tmp = dol_getdate(dol_now()); $currentyear = $tmp['year']; @@ -66,6 +65,8 @@ if (empty($search_year)) { $search_year = $currentyear; } +$result = restrictedArea($user, 'produit|service', $fieldvalue, 'product&product', '', '', $fieldtype); + /* * Actions diff --git a/htdocs/product/stats/commande.php b/htdocs/product/stats/commande.php index fe8016f362a..9ba4dee7081 100644 --- a/htdocs/product/stats/commande.php +++ b/htdocs/product/stats/commande.php @@ -43,13 +43,10 @@ $socid = ''; if (!empty($user->socid)) { $socid = $user->socid; } -$result = restrictedArea($user, 'produit|service', $fieldvalue, 'product&product', '', '', $fieldtype); // Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context $hookmanager->initHooks(array('productstatsorder')); -$mesg = ''; - // Load variable for pagination $limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit; $sortfield = GETPOST("sortfield", 'alpha'); @@ -75,6 +72,9 @@ if (GETPOST('button_removefilter_x', 'alpha') || GETPOST('button_removefilter', $search_year = ''; } +$result = restrictedArea($user, 'produit|service', $fieldvalue, 'product&product', '', '', $fieldtype); + + /* * View */ diff --git a/htdocs/product/stats/commande_fournisseur.php b/htdocs/product/stats/commande_fournisseur.php index bc8346e39b1..6037f608b58 100644 --- a/htdocs/product/stats/commande_fournisseur.php +++ b/htdocs/product/stats/commande_fournisseur.php @@ -42,7 +42,6 @@ $socid = ''; if (!empty($user->socid)) { $socid = $user->socid; } -$result = restrictedArea($user, 'produit|service', $fieldvalue, 'product&product', '', '', $fieldtype); // Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context $hookmanager->initHooks(array('productstatssupplyorder')); @@ -74,6 +73,8 @@ if (GETPOST('button_removefilter_x', 'alpha') || GETPOST('button_removefilter', $search_year = ''; } +$result = restrictedArea($user, 'produit|service', $fieldvalue, 'product&product', '', '', $fieldtype); + /* * View diff --git a/htdocs/product/stats/contrat.php b/htdocs/product/stats/contrat.php index e419593208c..f91e74edf50 100644 --- a/htdocs/product/stats/contrat.php +++ b/htdocs/product/stats/contrat.php @@ -40,13 +40,10 @@ $fieldtype = (!empty($ref) ? 'ref' : 'rowid'); if ($user->socid) { $socid = $user->socid; } -$result = restrictedArea($user, 'produit|service', $fieldvalue, 'product&product', '', '', $fieldtype); // Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context $hookmanager->initHooks(array('productstatscontract')); -$mesg = ''; - // Load variable for pagination $limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit; $sortfield = GETPOST("sortfield", 'alpha'); @@ -65,6 +62,8 @@ if (!$sortfield) { $sortfield = "c.date_contrat"; } +$result = restrictedArea($user, 'produit|service', $fieldvalue, 'product&product', '', '', $fieldtype); + /* * View diff --git a/htdocs/product/stats/facture.php b/htdocs/product/stats/facture.php index fa7d4fae24f..0681aa9b5ca 100644 --- a/htdocs/product/stats/facture.php +++ b/htdocs/product/stats/facture.php @@ -44,7 +44,6 @@ $socid = ''; if (!empty($user->socid)) { $socid = $user->socid; } -$result = restrictedArea($user, 'produit|service', $fieldvalue, 'product&product', '', '', $fieldtype); // Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context $hookmanager->initHooks(array('productstatsinvoice')); @@ -77,6 +76,7 @@ if (GETPOST('button_removefilter_x', 'alpha') || GETPOST('button_removefilter', $search_year = ''; } +$result = restrictedArea($user, 'produit|service', $fieldvalue, 'product&product', '', '', $fieldtype); /* diff --git a/htdocs/product/stats/facture_fournisseur.php b/htdocs/product/stats/facture_fournisseur.php index 018f1c28f02..69ef83ae5a7 100644 --- a/htdocs/product/stats/facture_fournisseur.php +++ b/htdocs/product/stats/facture_fournisseur.php @@ -44,13 +44,10 @@ $socid = ''; if (!empty($user->socid)) { $socid = $user->socid; } -$result = restrictedArea($user, 'produit|service', $fieldvalue, 'product&product', '', '', $fieldtype); // Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context $hookmanager->initHooks(array('productstatssupplyinvoice')); -$mesg = ''; - // Load variable for pagination $limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit; $sortfield = GETPOST("sortfield", 'alpha'); @@ -76,6 +73,9 @@ if (GETPOST('button_removefilter_x', 'alpha') || GETPOST('button_removefilter', $search_year = ''; } +$result = restrictedArea($user, 'produit|service', $fieldvalue, 'product&product', '', '', $fieldtype); + + /* * View */ diff --git a/htdocs/product/stats/mo.php b/htdocs/product/stats/mo.php index 1cabfd9ef85..fefb89592e7 100644 --- a/htdocs/product/stats/mo.php +++ b/htdocs/product/stats/mo.php @@ -40,13 +40,10 @@ $fieldtype = (!empty($ref) ? 'ref' : 'rowid'); if ($user->socid) { $socid = $user->socid; } -$result = restrictedArea($user, 'produit|service', $fieldvalue, 'product&product', '', '', $fieldtype); // Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context $hookmanager->initHooks(array('productstatscontract')); -$mesg = ''; - // Load variable for pagination $limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit; $sortfield = GETPOST("sortfield", 'alpha'); @@ -65,6 +62,8 @@ if (!$sortfield) { $sortfield = "c.date_valid"; } +$result = restrictedArea($user, 'produit|service', $fieldvalue, 'product&product', '', '', $fieldtype); + /* * View diff --git a/htdocs/product/stats/propal.php b/htdocs/product/stats/propal.php index 7dfc8b6d1db..96303ac598d 100644 --- a/htdocs/product/stats/propal.php +++ b/htdocs/product/stats/propal.php @@ -48,8 +48,6 @@ $result = restrictedArea($user, 'produit|service', $fieldvalue, 'product&product // Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context $hookmanager->initHooks(array('productstatspropal')); -$mesg = ''; - // Load variable for pagination $limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit; $sortfield = GETPOST('sortfield', 'aZ09comma'); @@ -76,6 +74,9 @@ if (GETPOST('button_removefilter_x', 'alpha') || GETPOST('button_removefilter', $search_year = ''; } +$result = restrictedArea($user, 'produit|service', $fieldvalue, 'product&product', '', '', $fieldtype); + + /* * View */ diff --git a/htdocs/product/stats/supplier_proposal.php b/htdocs/product/stats/supplier_proposal.php index 86689786b2d..1b236ed3999 100644 --- a/htdocs/product/stats/supplier_proposal.php +++ b/htdocs/product/stats/supplier_proposal.php @@ -43,13 +43,10 @@ $socid = ''; if (!empty($user->socid)) { $socid = $user->socid; } -$result = restrictedArea($user, 'produit|service', $fieldvalue, 'product&product', '', '', $fieldtype); // Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context $hookmanager->initHooks(array('productstatspropal')); -$mesg = ''; - // Load variable for pagination $limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit; $sortfield = GETPOST('sortfield', 'aZ09comma'); @@ -76,6 +73,9 @@ if (GETPOST('button_removefilter_x', 'alpha') || GETPOST('button_removefilter', $search_year = ''; } +$result = restrictedArea($user, 'produit|service', $fieldvalue, 'product&product', '', '', $fieldtype); + + /* * View */ diff --git a/htdocs/product/stock/product.php b/htdocs/product/stock/product.php index b97e9b6c2d2..883fff49123 100644 --- a/htdocs/product/stock/product.php +++ b/htdocs/product/stock/product.php @@ -81,8 +81,6 @@ if (!empty($batchnumber)) { if ($user->socid) { $socid = $user->socid; } -$result = restrictedArea($user, 'produit&stock', $id, 'product&product', '', '', $fieldid); - $object = new Product($db); $extrafields = new ExtraFields($db); @@ -114,6 +112,17 @@ $hookmanager->initHooks(array('stockproductcard', 'globalcard')); $error = 0; +if ($object->id > 0) { + if ($object->type == $object::TYPE_PRODUCT) { + restrictedArea($user, 'produit', $object->id, 'product&product', '', ''); + } + if ($object->type == $object::TYPE_SERVICE) { + restrictedArea($user, 'service', $object->id, 'product&product', '', ''); + } +} else { + restrictedArea($user, 'produit|service', $id, 'product&product', '', '', $fieldid); +} + /* * Actions diff --git a/htdocs/product/traduction.php b/htdocs/product/traduction.php index 45b45136410..b2c3b0d0b2f 100644 --- a/htdocs/product/traduction.php +++ b/htdocs/product/traduction.php @@ -45,7 +45,22 @@ $fieldtype = (!empty($ref) ? 'ref' : 'rowid'); if ($user->socid) { $socid = $user->socid; } -$result = restrictedArea($user, 'produit|service', $fieldvalue, 'product&product', '', '', $fieldtype); + +if ($id > 0 || !empty($ref)) { + $object = new Product($db); + $object->fetch($id, $ref); +} + +if ($object->id > 0) { + if ($object->type == $object::TYPE_PRODUCT) { + restrictedArea($user, 'produit', $object->id, 'product&product', '', ''); + } + if ($object->type == $object::TYPE_SERVICE) { + restrictedArea($user, 'service', $object->id, 'product&product', '', ''); + } +} else { + restrictedArea($user, 'produit|service', $fieldvalue, 'product&product', '', '', $fieldtype); +} /* diff --git a/htdocs/variants/combinations.php b/htdocs/variants/combinations.php index ded3a1bb8b9..a7ad432b3ba 100644 --- a/htdocs/variants/combinations.php +++ b/htdocs/variants/combinations.php @@ -51,7 +51,6 @@ $delete_product = GETPOST('delete_product', 'alpha'); // Security check $fieldvalue = (!empty($id) ? $id : $ref); $fieldtype = (!empty($ref) ? 'ref' : 'rowid'); -$result = restrictedArea($user, 'produit|service', $fieldvalue, 'product&product', '', '', $fieldtype); $prodstatic = new Product($db); $prodattr = new ProductAttribute($db); @@ -64,8 +63,6 @@ if ($id > 0 || $ref) { $selectedvariant = $_SESSION['addvariant_'.$object->id]; -$permissiontoread = $user->rights->produit->lire || $user->rights->service->lire; - // Security check if (empty($conf->variants->enabled)) { accessforbidden('Module not enabled'); @@ -73,8 +70,17 @@ if (empty($conf->variants->enabled)) { if ($user->socid > 0) { // Protection if external user accessforbidden(); } -//$result = restrictedArea($user, 'variant'); -if (!$permissiontoread) accessforbidden(); + +if ($object->id > 0) { + if ($object->type == $object::TYPE_PRODUCT) { + restrictedArea($user, 'produit', $object->id, 'product&product', '', ''); + } + if ($object->type == $object::TYPE_SERVICE) { + restrictedArea($user, 'service', $object->id, 'product&product', '', ''); + } +} else { + restrictedArea($user, 'produit|service', $fieldvalue, 'product&product', '', '', $fieldtype); +} /*